diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-05-31 10:02:02 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-07-14 07:24:27 +0100 |
commit | aa73b7d352c383e415d4d7567b79ce074c6762cd (patch) | |
tree | 7af012b8655808e332a4bb9f636bd643ef1ef03a /doc/man1 | |
parent | ec8a3409487c871b440fa52bff7c3ef33378494a (diff) |
openssl-x509.pod.in: fix description of certificate serial number storage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-x509.pod.in | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index ee1aa4492f..ef4ebfd649 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -496,18 +496,18 @@ See L<openssl-format-options(1)> for details. Sets the CA serial number file to use. -When the B<-CA> option is used to sign a certificate it uses a serial -number specified in a file. This file consists of one line containing -an even number of hex digits with the serial number to use. After each -use the serial number is incremented and written out to the file again. +When creating a certificate with this option, the certificate serial number +is stored in the given file. This file consists of one line containing +an even number of hex digits with the serial number used last time. +After reading this number, it is incremented and used, and the file is updated. The default filename consists of the CA certificate file base name with F<.srl> appended. For example if the CA certificate file is called F<mycacert.pem> it expects to find a serial number file called F<mycacert.srl>. -If the B<-CA> option is specified and both the <-CAserial> and <-CAcreateserial> -options are not given and the default serial number file does not exist, +If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial> +is given and the default serial number file does not exist, a random number is generated; this is the recommended practice. =item B<-CAcreateserial> |